Webcast On Software Security In Government

Veracode is holding a webcast to release findings on the state of software security in federal, state and local government departments

Veracode has announced details of a webcast that will focus on the state of software security in the government sector. The event will draw on findings from Veracode's recently released State of Software Security Report, which included an examination of vulnerabilities associated with unclassified applications from US federal, state and local government agencies. The webcast will take place on Thursday, May 27 at 11:00 am ET and will be hosted by Government Computer News (GCN), the online authority for government IT officials.

During this webcast, Veracode will examine the state of software vulnerabilities impacting the government sector based on metrics gathered from real-world application assessments, while applying lessons learned from across multiple industries. Veracode will offer actionable information to policy makers and to development and security professionals to help create, purchase and utilize secure, high-quality software. Additionally, the webcast will detail some of the key findings of Veracode's first-of-its-kind State of Software Security Report, including:

* More than half of the nearly 1,600 internally developed, open source, outsourced, and commercial applications analyzed when first submitted to Veracode were susceptible to an application layer attack similar to those exploited in the cyber attacks on the US Department of Defense, Google, Heartland and others.
* More than half of the applications in the government sector were deemed acceptable at first submission, placing them at the top of the more than 15 industries represented in the data set.
* Open source software has comparable security, faster remediation times, and fewer potential backdoors than commercial or outsourced software.

Veracode's State of Software Security Report provides security intelligence derived from multiple testing methodologies (static, dynamic and manual) on the full spectrum of application types (components, shared libraries, web and non-web applications) and programming languages (including Java, C/C++ and .NET) from every part of the software supply chain on which organizations depend. It represents intelligence gleaned from analyzing billions of lines of code submitted to Veracode for independent verification of software security.